Total
12591 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26323 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 7.8 High |
| Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. | ||||
| CVE-2021-26321 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 5.5 Medium |
| Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | ||||
| CVE-2021-26036 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table. | ||||
| CVE-2021-25746 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2021-25745 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2021-25742 | 2 Kubernetes, Netapp | 2 Ingress-nginx, Trident | 2024-11-21 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | ||||
| CVE-2021-25741 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 8.8 High |
| A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | ||||
| CVE-2021-25738 | 1 Kubernetes | 1 Java | 2024-11-21 | 6.7 Medium |
| Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. | ||||
| CVE-2021-25737 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 2.7 Low |
| A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | ||||
| CVE-2021-25735 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 6.5 Medium |
| A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. | ||||
| CVE-2021-25684 | 1 Canonical | 1 Apport | 2024-11-21 | 8.8 High |
| It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | ||||
| CVE-2021-25683 | 1 Canonical | 1 Apport | 2024-11-21 | 8.8 High |
| It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | ||||
| CVE-2021-25682 | 1 Canonical | 1 Apport | 2024-11-21 | 8.8 High |
| It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | ||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2024-11-21 | 5.9 Medium |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | ||||
| CVE-2021-25517 | 1 Google | 1 Android | 2024-11-21 | 7.7 High |
| An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. | ||||
| CVE-2021-25512 | 1 Google | 1 Android | 2024-11-21 | 6.1 Medium |
| An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2021-25511 | 1 Google | 1 Android | 2024-11-21 | 6.3 Medium |
| An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. | ||||
| CVE-2021-25510 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | ||||
| CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 5.9 Medium |
| A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. | ||||
| CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2024-11-21 | 4 Medium |
| Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | ||||